[ASA-202101-23] wavpack: arbitrary code execution
Arch Linux Security Advisory ASA-202101-23
==========================================

Severity: Medium
Date    : 2021-01-12
CVE-ID  : CVE-2020-35738
Package : wavpack
Type    : arbitrary code execution
Remote  : No
Link    :

Summary
=======

The package wavpack before version 5.3.0-2 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 5.3.0-2.

# pacman -Syu "wavpack>=5.3.0-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in
pack_utils.c because of an integer overflow in a malloc argument.

Impact
======

A local user might execute arbitrary code through a crafted file.
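The bug class named in the Description, shown as an added example (not WavPack's code and not part of the original advisory): a buffer size computed as samples times channels times bytes per sample wraps in fixed-width arithmetic, so malloc receives a value far smaller than the data later written. The function names, the 32-bit width of the unchecked computation and the input values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; the 32-bit arithmetic is an assumption. */

/* Unchecked form: the product wraps modulo 2^32 before malloc() sees it. */
uint32_t unchecked_buffer_bytes(uint32_t sample_count, uint32_t channels)
{
    return sample_count * channels * (uint32_t)sizeof(int32_t);
}

/* Checked form: reject any request whose byte count does not fit in size_t.
 * Returns 0 and stores the size on success, -1 on overflow. */
int checked_buffer_bytes(uint32_t sample_count, uint32_t channels, size_t *out)
{
    size_t n = sample_count;
    if (channels != 0 && n > SIZE_MAX / channels)
        return -1;
    n *= channels;
    if (n > SIZE_MAX / sizeof(int32_t))
        return -1;
    *out = n * sizeof(int32_t);
    return 0;
}

/* Allocate a sample buffer only when the size computation is sound. */
int32_t *alloc_sample_buffer(uint32_t sample_count, uint32_t channels)
{
    size_t bytes;
    if (sample_count == 0 || channels == 0)
        return NULL;
    if (checked_buffer_bytes(sample_count, channels, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed inputs: 2^30 samples of 2 channels need 2^33 bytes. */
    printf("unchecked: %u bytes\n",
           (unsigned)unchecked_buffer_bytes(0x40000000u, 2));
    int32_t *buf = alloc_sample_buffer(0xFFFFFFFFu, 0xFFFFFFFFu);
    printf("checked: %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```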